机器指纹.docx

机器指纹.docx

《机器指纹.docx》由会员分享，可在线阅读，更多相关《机器指纹.docx（23页珍藏版）》请在冰豆网上搜索。

机器指纹

//以下代码可以取得系统特征码（网卡MAC、硬盘序列号、CPUID、BIOS编号）

BYTEszSystemInfo[4096];//在程序执行完毕后，此处存储取得的系统特征码

UINTuSystemInfoLen=0;//在程序执行完毕后，此处存储取得的系统特征码的长度

//网卡MAC地址，注意:

MAC地址是可以在注册表中修改的

{

UINTuErrorCode=0;

IP_ADAPTER_INFOiai;

ULONGuSize=0;

DWORDdwResult=GetAdaptersInfo（&iai,&uSize）;

if（dwResult==ERROR_BUFFER_OVERFLOW）

{

IP_ADAPTER_INFO*piai=（IP_ADAPTER_INFO*）HeapAlloc（GetProcessHeap（）,0,uSize）;

if（piai!

=NULL）

{

dwResult=GetAdaptersInfo（piai,&uSize）;

if（ERROR_SUCCESS==dwResult）

{

IP_ADAPTER_INFO*piai2=piai;

while（piai2!

=NULL&&（uSystemInfoLen+piai2->AddressLength）<4096U）

{

CopyMemory（szSystemInfo+uSystemInfoLen,piai2->Address,piai2->AddressLength）;

uSystemInfoLen+=piai2->AddressLength;

piai2=piai2->Next;

}

}

else

{

uErrorCode=0xF0000000U+dwResult;

}

VERIFY（HeapFree（GetProcessHeap（）,0,piai））;

}

else

{

returnFALSE;

}

}

else

{

uErrorCode=0xE0000000U+dwResult;

}

if（uErrorCode!

=0U）

{

returnFALSE;

}

}

//硬盘序列号，注意：

有的硬盘没有序列号

{

OSVERSIONINFOovi={0};

ovi.dwOSVersionInfoSize=sizeof（OSVERSIONINFO）;

GetVersionEx（&ovi）;

if（ovi.dwPlatformId!

=VER_PLATFORM_WIN32_NT）

{

//OnlyWindows2000,WindowsXP,WindowsServer2003...

returnFALSE;

}

else

{

if（!

WinNTHDSerialNumAsPhysicalRead（szSystemInfo,&uSystemInfoLen,1024））

{

WinNTHDSerialNumAsScsiRead（szSystemInfo,&uSystemInfoLen,1024）;

}

}

}

//CPUID

{

BOOLbException=FALSE;

BYTEszCpu[16]={0};

UINTuCpuID=0U;

__try

{

_asm

{

moveax,0

cpuid

movdwordptrszCpu[0],ebx

movdwordptrszCpu[4],edx

movdwordptrszCpu[8],ecx

moveax,1

cpuid

movuCpuID,edx

}

}

__except（EXCEPTION_EXECUTE_HANDLER）

{

bException=TRUE;

}

if（!

bException）

{

CopyMemory（szSystemInfo+uSystemInfoLen,&uCpuID,sizeof（UINT））;

uSystemInfoLen+=sizeof（UINT）;

uCpuID=strlen（（char*）szCpu）;

CopyMemory（szSystemInfo+uSystemInfoLen,szCpu,uCpuID）;

uSystemInfoLen+=uCpuID;

}

}

//BIOS编号，支持AMI,AWARD,PHOENIX

{

SIZE_Tssize;

LARGE_INTEGERso;

so.LowPart=0x000f0000;

so.HighPart=0x00000000;

ssize=0xffff;

wchar_tstrPH[30]=L\\device\\physicalmemory;

DWORDba=0;

UNICODE_STRINGstruniph;

struniph.Buffer=strPH;

struniph.Length=0x2c;

struniph.MaximumLength=0x2e;

OBJECT_ATTRIBUTESobj_ar;

obj_ar.Attributes=64;

obj_ar.Length=24;

obj_ar.ObjectName=&struniph;

obj_ar.RootDirectory=0;

obj_ar.SecurityDescriptor=0;

obj_ar.SecurityQualityOfService=0;

HMODULEhinstLib=LoadLibrary（"ntdll.dll"）;

ZWOSZWopenS=（ZWOS）GetProcAddress（hinstLib,"ZwOpenSection"）;

ZWMVZWmapV=（ZWMV）GetProcAddress（hinstLib,"ZwMapViewOfSection"）;

ZWUMVZWunmapV=（ZWUMV）GetProcAddress（hinstLib,"ZwUnmapViewOfSection"）;

//调用函数，对物理内存进行映射

HANDLEhSection;

if（0==ZWopenS（&hSection,4,&obj_ar）&&

0==ZWmapV（

（HANDLE）hSection,//打开Section时得到的句柄

（HANDLE）0xFFFFFFFF,//将要映射进程的句柄，

&ba,//映射的基址

0,

0xFFFF,//分配的大小

&so,//物理内存的地址

&ssize,//指向读取内存块大小的指针

1,//子进程的可继承性设定

0,//分配类型

2//保护类型

））

//执行后会在当前进程的空间开辟一段64k的空间，并把f000:

0000到f000:

ffff处的内容映射到这里

//映射的基址由ba返回,如果映射不再有用,应该用ZwUnmapViewOfSection断开映射

{

BYTE*pBiosSerial=（BYTE*）ba;

UINTuBiosSerialLen=FindAwardBios（&pBiosSerial）;

if（uBiosSerialLen==0U）

{

uBiosSerialLen=FindAmiBios（&pBiosSerial）;

if（uBiosSerialLen==0U）

{

uBiosSerialLen=FindPhoenixBios（&pBiosSerial）;

}

}

if（uBiosSerialLen!

=0U）

{

CopyMemory（szSystemInfo+uSystemInfoLen,pBiosSerial,uBiosSerialLen）;

uSystemInfoLen+=uBiosSerialLen;

}

ZWunmapV（（HANDLE）0xFFFFFFFF,（void*）ba）;

}

}

//完毕，系统特征码已取得。

　　以下是其中用到的某些结构及函数的定义:

#defineFILE_DEVICE_SCSI0x0000001b

#defineIOCTL_SCSI_MINIPORT_IDENTIFY（（FILE_DEVICE_SCSI<<16）+0x0501）

#defineIOCTL_SCSI_MINIPORT0x0004D008//seeNTDDSCSI.Hfordefinition

#defineIDENTIFY_BUFFER_SIZE512

#defineSENDIDLENGTH（sizeof（SENDCMDOUTPARAMS）+IDENTIFY_BUFFER_SIZE）

#defineIDE_ATAPI_IDENTIFY0xA1//ReturnsIDsectorforATAPI.

#defineIDE_ATA_IDENTIFY0xEC//ReturnsIDsectorforATA.

#defineDFP_RECEIVE_DRIVE_DATA0x0007c088

typedefstruct_IDSECTOR

{

USHORTwGenConfig;

USHORTwNumCyls;

USHORTwReserved;

USHORTwNumHeads;

USHORTwBytesPerTrack;

USHORTwBytesPerSector;

USHORTwSectorsPerTrack;

USHORTwVendorUnique[3];

CHARsSerialNumber[20];

USHORTwBufferType;

USHORTwBufferSize;

USHORTwECCSize;

CHARsFirmwareRev[8];

CHARsModelNumber[40];

USHORTwMoreVendorUnique;

USHORTwDoubleWordIO;

USHORTwCapabilities;

USHORTwReserved1;

USHORTwPIOTiming;

USHORTwDMATiming;

USHORTwBS;

USHORTwNumCurrentCyls;

USHORTwNumCurrentHeads;

USHORTwNumCurrentSectorsPerTrack;

ULONGulCurrentSectorCapacity;

USHORTwMultSectorStuff;

ULONGulTotalAddressableSectors;

USHORTwSingleWordDMA;

USHORTwMultiWordDMA;

BYTEbReserved[128];

}IDSECTOR,*PIDSECTOR;

typedefstruct_DRIVERSTATUS

{

BYTEbDriverError;//Errorcodefromdriver,or0ifnoerror.

BYTEbIDEStatus;//ContentsofIDEErrorregister.

//OnlyvalidwhenbDriverErrorisSMART_IDE_ERROR.

BYTEbReserved[2];//Reservedforfutureexpansion.

DWORDdwReserved[2];//Reservedforfutureexpansion.

}DRIVERSTATUS,*PDRIVERSTATUS,*LPDRIVERSTATUS;

typedefstruct_SENDCMDOUTPARAMS

{

DWORDcBufferSize;//SizeofbBufferinbytes

DRIVERSTATUSDriverStatus;//Driverstatusstructure.

BYTEbBuffer[1];//Bufferofarbitrarylengthinwhichtostorethedatareadfromthe//drive.

}SENDCMDOUTPARAMS,*PSENDCMDOUTPARAMS,*LPSENDCMDOUTPARAMS;

typedefstruct_SRB_IO_CONTROL

{

ULONGHeaderLength;

UCHARSignature[8];

ULONGTimeout;

ULONGControlCode;

ULONGReturnCode;

ULONGLength;

}SRB_IO_CONTROL,*PSRB_IO_CONTROL;

typedefstruct_IDEREGS

{

BYTEbFeaturesReg;//UsedforspecifyingSMART"commands".

BYTEbSectorCountReg;//IDEsectorcountregister

BYTEbSectorNumberReg;//IDEsectornumberregister

BYTEbCylLowReg;//IDElowordercylindervalue

BYTEbCylHighReg;//IDEhighordercylindervalue

BYTEbDriveHeadReg;//IDEdrive/headregister

BYTEbCommandReg;//ActualIDEcommand.

BYTEbReserved;//reservedforfutureuse.Mustbezero.

}IDEREGS,*PIDEREGS,*LPIDEREGS;

typedefstruct_SENDCMDINPARAMS

{

DWORDcBufferSize;//Buffersizeinbytes

IDEREGSirDriveRegs;//Structurewithdriveregistervalues.

BYTEbDriveNumber;//Physicaldrivenumbertosend

//commandto（0,1,2,3）.

BYTEbReserved[3];//Reservedforfutureexpansion.

DWORDdwReserved[4];//Forfutureuse.

BYTEbBuffer[1];//Inputbuffer.

}SENDCMDINPARAMS,*PSENDCMDINPARAMS,*LPSENDCMDINPARAMS;

typedefstruct_GETVERSIONOUTPARAMS

{

BYTEbVersion;//Binarydriverversion.

BYTEbRevision;//Binarydriverrevision.

BYTEbReserved;//Notused.

BYTEbIDEDeviceMap;//BitmapofIDEdevices.

DWORDfCapabilities;//Bitmaskofdrivercapabilities.

DWORDdwReserved[4];//Forfutureuse.

}GETVERSIONOUTPARAMS,*PGETVERSIONOUTPARAMS,*LPGETVERSIONOUTPARAMS;

//////////////////////////////////////////////////////////////////////

//结构定义

typedefstruct_UNICODE_STRING

{

USHORTLength;//长度

USHORTMaximumLength;//最大长度

PWSTRBuffer;//缓存指针

}UNICODE_STRING,*PUNICODE_STRING;

typedefstruct_OBJECT_ATTRIBUTES

{

ULONGLength;//长度18h

HANDLERootDirectory;//00000000

PUNICODE_STRINGObjectName;//指向对象名的指针

ULONGAttributes;//对象属性00000040h

PVOIDSecurityDescriptor;//PointstotypeSECURITY_DESCRIPTOR，0

PVOIDSecurityQualityOfService;//PointstotypeSECURITY_QUALITY_OF_SERVICE，0

}OBJECT_ATTRIBUTES;

typedefOBJECT_ATTRIBUTES*POBJECT_ATTRIBUTES;

//函数指针变量类型

typedefDWORD（__stdcall*ZWOS）（PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES）;

typedefDWORD（__stdcall*ZWMV）（HANDLE,HANDLE,PVOID,ULONG,ULONG,PLARGE_INTEGER,PSIZE_T,DWORD,ULONG,ULONG）;

typedefDWORD（__stdcall*ZWUMV）（HANDLE,PVOID）;

BOOLWinNTHDSerialNumAsScsiRead（BYTE*dwSerial,UINT*puSerialLen,UINTuMaxSerialLen）

{

BOOLbInfoLoaded=FALSE;

for（intiController=0;iController<2;++iController）

{

HANDLEhScsiDriveIOCTL=0;

charszDriveName[256];

//TrytogetahandletoPhysicalDriveIOCTL,reportfailure

//andexitifcan't.

sprintf（szDriveName,"\\\\.\\Scsi%d:

",iController）;

//WindowsNT,Windows2000,anyrightsshoulddo

hScsiDriveIOCTL=CreateFile（szDriveName,

GENERIC_READ|GENERIC_WRITE,

FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,

OPEN_EXISTING,0,NULL）;

//if（hScsiDriveIOCTL==INVALID_HANDLE_VALUE）

//printf（"UnabletoopenSCSIcontroller%d,errorcode:

0x%lX\n",

//controller,GetLastError（））;

if（hScsiDriveIOCTL!

=INVALID_HANDLE_VALUE）

{

intiDrive=0;

for（iDrive=0;iDrive<2;++iDrive）

{

charszBuffer[sizeof（SRB_IO_CONTROL）+SENDIDLENGTH]={0};

SRB_IO_CONTROL*p=（SRB_IO_CONTROL*）szBuffer;

SENDCMDINPARAMS*pin=（SENDCMDINPARAMS*）（szBuffer+sizeof（SRB_IO_CONTROL））;

DWORDdwResult;

p->HeaderLength=sizeof（SRB_IO_CONTROL）;

p->Timeout=10000;

p->Length=SENDIDLENGTH;

p->ControlCode=IOCTL_SCSI_MINIPORT_IDENTIFY;

strncpy（（char*）p->Signature,"SCSIDISK",8）;

pin->irDriveRegs.bCommandReg=IDE_ATA_IDENTIFY;

pin->bDriveNumber=iDrive;

if（DeviceIoControl（hScsiDriveIOCTL,IOCTL_SCSI_MINIPORT,

szBuffer,

sizeof（SRB_IO_CONTROL）+sizeof（SENDCMDINPARAMS）-1,

szBuffer,

sizeof（SRB_IO_CONTROL）+SENDIDLENGTH,

&dwResult,NULL））

{

SENDCMDOUTPARAMS*pOut=（SENDCMDOUTPARAMS*）（szBuffer+sizeof（SRB_IO_CONTROL））;

IDSECTOR*pId=（IDSECTOR*）（pOut->bBuffer）;

if（pId->sModelNumber[0]）

{

if（*puSerialLen+20U<=uMaxSerialLen）

{

//序列号

CopyMemory（dwSerial+